Details
-
Type:
New Feature
-
Status: Closed
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: None
-
Fix Version/s: EJBCA 7.0.0
-
Component/s: None
-
Labels:None
-
Epic Link:
-
Sprint:EJBCA Team Alice - 2018 w45, EJBCA Team Alice - 2018 w48
Description
Ability to add/edit end entities and issue certificates with multi-value RDNs. This issue is limited to the ability to do so through the internal APIs.
In order for this to be safe, validation of this is needed in the End Entity profile validation.
The multi-value RDNs we know we need to handle are:
- CN+UID
- CN+serialNumber
- DirectoryName+givenName+serialNumber+surname=Ciaffi
Suggested validation in EE profile:
- Flag to allow multi-value RDN for fields
- If multi value RDN is in input and it's not allowed, throw exception
- If multi value RDN has other fields than CN, UID, serialNumber, dn, givenName, surName, throw exception (only allow a limited set to keep it safe)
- If allowed, the different parts of the multi-value RDN should be validated against the fields in the EE profile
- I.e. If we enter "CN=Tomas+UID=123" the EE profile needs to have a CN field, with multi value RDN allowed, and it need to have a UID field. Validation of CN and UID will be as defined in the fields in the EE profile
Includes:
- system tests (CertToolsTest, EE profile validation test, X509 CA issuing test)
- make sure it is not possible to use multi-value RDN by default, as it was not supported before it should be disabled by default now.
Attachments
Issue Links
- blocks
-
-
- Open
-
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
-
ECA-7385 Document multi value RDN behavior for 'Subset of Subject DN' (not working with multi-value)
-
- Closed
-
-
-
- Closed
-
- relates
-
-
- Closed
-
-
ECA-7514 Fix failing tests in EjbcaRestHelperUnitTest
-
- Closed
-
